• Title/Summary/Keyword: Message Authentication Code

Verification and Implementation of a Service Bundle Authentication Mechanism in the OSGi Service Platform Environment (OSGi 서비스 플랫폼 환경에서 서비스 번들 인증 메커니즘의 검증 및 구현)

  • 김영갑;문창주;박대하;백두권
    • Journal of KIISE:Computer Systems and Theory / v.31 no.1_2 / pp.27-40 / 2004
  • The OSGi service platform has several characteristics, as follows. First, the service is deployed in the form of a self-installable component called a service bundle. Second, the service is dynamic according to its life-cycle and has interactions with other services. Third, the system resources of a home gateway are restricted. Due to these characteristics of a home gateway, there is a lot of room for malicious services to be installed, and further, the nature of a service can be changed. It is possible for those service bundles to have a bad influence on service gateways and users. However, there is no service bundle authentication mechanism considering those characteristics for the home gateway. In this paper, we propose a service bundle authentication mechanism considering those characteristics for the home gateway environment. We design the mechanism for sharing a key which transports a service bundle safely in the bootstrapping step that recognizes and initializes equipment. And we propose the service bundle authentication mechanism based on a MAC that uses a shared secret created in the bootstrapping step. Also, we verify the safety of the key sharing mechanism and the service bundle authentication mechanism using BAN Logic. This service bundle authentication mechanism is more efficient than a PKI-based service bundle authentication mechanism or the RSH protocol in a service platform which has restricted resources such as storage space and operations.

Homomorphic Subspace MAC Scheme for Secure Network Coding

  • Liu, Guangjun;Wang, Xiao
    • ETRI Journal / v.35 no.1 / pp.173-176 / 2013
  • Existing symmetric cryptography-based solutions against pollution attacks for network coding systems suffer various drawbacks, such as highly complicated key distribution and vulnerable security against collusion. This letter presents a novel homomorphic subspace message authentication code (MAC) scheme that can thwart pollution attacks in an efficient way. The basic idea is to exploit the combination of the symmetric cryptography and linear subspace properties of network coding. The proposed scheme can tolerate the compromise of up to r-1 intermediate nodes when r source keys are used. Compared to previous MAC solutions, fewer secret keys are needed for the source and only one secret key is distributed to each intermediate node.

Novel Trusted Hierarchy Construction for RFID Sensor-Based MANETs Using ECCs

  • Kumar, Adarsh;Gopal, Krishna;Aggarwal, Alok
    • ETRI Journal / v.37 no.1 / pp.186-196 / 2015
  • In resource-constrained, low-cost, radio-frequency identification (RFID) sensor-based mobile ad hoc networks (MANETs), ensuring security without performance degradation is a major challenge. This paper introduces a novel combination of steps in lightweight protocol integration to provide a secure network for RFID sensor-based MANETs using error-correcting codes (ECCs). The proposed scheme chooses a quasi-cyclic ECC. Key pairs are generated using the ECC for establishing a secure message communication. Probability analysis shows that code-based identification; key generation; and authentication and trust management schemes protect the network from Sybil, eclipse, and de-synchronization attacks. A lightweight model for the proposed sequence of steps is designed and analyzed using an Alloy analyzer. Results show that selection processes with ten nodes and five subgroup controllers identify attacks in only a few milliseconds. Margrave policy analysis shows that there is no conflict among the roles of network members.

A Sensor Network Security Protocol for Monitoring the State of Bridge (교량감시를 위한 센서 네트워크 보안프로토콜)

  • Lim, Hwa-Jung;Jeon, Jin-Soon;Lee, Heon-Guil
    • Journal of Industrial Technology / v.25 no.B / pp.211-220 / 2005
  • The wireless sensor network consists of a number of sensor nodes which have physical constraints. Each sensor node senses its surrounding environment and sends the sensed information to the Sink. The inherent security vulnerability of the sensor nodes has created the need for a lightweight security protocol. In this paper, we propose a non-hierarchical sensor network and a security protocol that is suitable for monitoring man-made objects such as bridges. Furthermore, we present an efficient way of setting the routing path by storing IDs, the MAC (message authentication code) and the location information of the nodes, and taking advantage of the two node states, Sleep and Awake. This will also result in a reduced energy consumption rate.

A new hash function based on MD-family and its application to the MAC (MD-계열에 기반한 새로운 해쉬 함수와 MAC에의 응용)

  • 신상욱;류대현;이상진;이경현
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 1997.11a / pp.91-100 / 1997
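  • Cryptographically secure hash functions are important cryptographic tools in areas such as digital signatures, message authentication, and key derivation. Most of the hash functions proposed to date that can run at high speed in software are based on the design principles of MD4, proposed by Rivest. Among these MD-family hash functions, the dedicated hash functions currently known to be secure are SHA-1, RIPEMD-160, and HAVAL. In this paper, we propose a new, more efficient hash function that builds on the strengths of these three hash functions while preserving as much of their security as possible. The proposed hash function processes an arbitrary-length message in 512-bit blocks and produces a 160-bit output, and, by using data-dependent rotation, guarantees robustness against previously known attacks. We also propose an algorithm for constructing a message authentication code (MAC) using the proposed hash function. A MAC is a hash function with a second input, namely a secret key, and is called a keyed hash function; it provides message origin authentication and integrity verification. The proposed MAC uses a key of up to 160 bits, produces a MAC result equal to or shorter than the hash result, and incurs a performance degradation of about 10% compared with the underlying hash function.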

An Improved PayWord Protocol Supporting Multiple Payment with Single Hash Chain (단일 해쉬 체인으로 다중 지불을 지원하는 개선된 PayWord 프로토콜)

  • Park, Ae-Young;Lim, Hyeong-Seok
    • Proceedings of the Korea Information Processing Society Conference / 2001.10b / pp.899-902 / 2001
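  • Macro payment systems that use public-key operations are not economical because of their high fees and are therefore unsuitable for micro payments. The PayWord protocol, which uses hash operations, is suitable for small-value payments because of its low mechanism cost, fast transaction processing, and the broker's offline participation in the transaction process. However, because it includes monetary value that is usable only at a specific merchant, it has the drawback that the number of hash chains that must be managed and stored grows as the number of merchants the user deals with increases. In this paper, we propose an improved micro-payment protocol that generates only a single hash chain, corresponding to electronic money, and performs secure payments to multiple merchants. The proposed method adds a hash value computed with a MAC (Message Authentication Code) to the payment process, preventing collusion among merchants and malicious modification. Thus, by generating only one hash chain, the user has a lower computational burden than with the existing PayWord and can make efficient payments even in temporary transaction relationships with multiple merchants.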

A Small-Area Hardware Implementation of Hash Algorithm Standard HAS-160 (해쉬 알고리듬 표준 HAS-160의 저면적 하드웨어 구현)

  • Kim, Hae-Ju;Jeon, Heung-Woo;Shin, Kyung-Wook
    • Journal of the Korea Institute of Information and Communication Engineering / v.14 no.3 / pp.715-722 / 2010
  • This paper describes a hardware design of a hash function processor which implements the Korean Hash Algorithm Standard HAS-160. The HAS-160 processor compresses a message of arbitrary length into a hash code with a fixed length of 160 bits. To achieve high-speed operation with small area, the arithmetic operation for the step operation is implemented by using a hybrid structure of 5:3 and 3:2 carry-save adders and a carry-select adder. It computes a 160-bit hash code from a message block of 512 bits in 82 clock cycles, and has 312 Mbps throughput at 50 MHz@3.3-V clock frequency. The designed HAS-160 processor is verified by FPGA implementation, and it has 17,600 gates on a layout area of about 1 mm² using a 0.35-μm CMOS cell library.

Implementation of An Automatic Authentication System Based on Patient's Situations and Its Performance Evaluation (환자상황 기반의 자동인증시스템 구축 및 성능평가)

  • Ham, Gyu-Sung;Joo, Su-Chong
    • Journal of Internet Computing and Services / v.21 no.4 / pp.25-34 / 2020
  • In the current medical information system, a system environment is constructed in which biometric data generated by using IoT or medical equipment connected to a patient can be stored in a medical information server and monitored at the same time. Also, the patient's biometric data, medical information, and personal information are easily accessible after simple authentication using only the ID/PW via the mobile terminal of the medical staff. However, the method of accessing this medical information needs to be improved in terms of protecting the patient's personal information, and needs to provide a quick authentication system for first aid. In this paper, we implemented an automatic authentication system based on the patient's situation and evaluated its performance. The patient's situation was graded into normal and emergency situations, and the situation of the patient was determined in real time using incoming patient biometric data from the ward. If the patient's situation is an emergency, an emergency message including an emergency code is sent to the mobile terminal of the medical staff, and they attempt automatic authentication to access the upper medical information of the patient. Automatic authentication is a combination of user authentication (ID/PW, emergency code) and mobile terminal authentication (medical staff's role, working hours, work location). After user authentication, mobile terminal authentication proceeds automatically without additional intervention by medical staff. After completing all authentications, medical staff get authorization according to the role of the medical staff and the patient's situation, and can access the patient's graded medical information and personal information through the mobile terminal. We protected the patient's medical information through limited medical information access by the medical staff according to the patient's situation, and provided automatic authentication without additional intervention in an emergency situation. We performed a performance evaluation to verify the performance of the implemented automatic authentication system.

S-FEAR: Secure-Fuzzy Energy Aware Routing Protocol for Wireless Sensor Networks

  • Almomani, Iman;Saadeh, Maha
    • KSII Transactions on Internet and Information Systems (TIIS) / v.12 no.4 / pp.1436-1457 / 2018
  • Secure routing services in Wireless Sensor Networks (WSNs) are essential, especially in mission critical fields such as the military and in medical applications. Additionally, they play a vital role in the current and future Internet of Things (IoT) services. Lightness and efficiency of a routing protocol are not the only requirements that guarantee success; security assurance also needs to be enforced. This paper proposes a Secure-Fuzzy Energy Aware Routing Protocol (S-FEAR) for WSNs. S-FEAR applies a security model to an existing energy efficient FEAR protocol. As part of this research, the S-FEAR protocol has been analyzed in terms of the communication and processing costs associated with building and applying this model, regardless of the security techniques used. Moreover, the Qualnet network simulator was used to implement both FEAR and S-FEAR after carefully selecting the following security techniques to achieve both authentication and data integrity: the Cipher Block Chaining-Message Authentication Code (CBC-MAC) and the Elliptic Curve Digital Signature Algorithm (ECDSA). The performance of both protocols was assessed in terms of complexity and energy consumption. The results reveal that achieving authentication and data integrity successfully excluded all attackers from the network topology regardless of the percentage of attackers. Consequently, the constructed topology is secure and thus, safe data transmission over the network is ensured. Simulation results show that using CBC-MAC, for example, costs 0.00064% of network energy while ECDSA costs about 0.0091%. On the other hand, attacks cost the network about 4.7 times the cost of applying these techniques.

A Design of MILENAGE Algorithm-based Mutual Authentication Protocol for The Protection of Initial Identifier in LTE (LTE 환경에서 초기 식별자를 보호하기 위한 MILENAGE 알고리즘 기반의 상호인증)

  • Yoo, Jae-hoe;Kim, Hyung-uk;Jung, Yong-hoon
    • Journal of Venture Innovation / v.2 no.1 / pp.13-21 / 2019
  • In the LTE environment, which is a 4th generation mobile communication system, there is concern about private information exposure caused by transmitting the initial identifier in plain text. This paper suggests a mutual authentication protocol, which uses a one-time password utilizing challenge-response and the AES-based Milenage key generation algorithm, as a solution for safe initial identification communication, preventing unique identification information from leaking. The Milenage key generation algorithm has been used in the LTE Security protocol for generating the Cipher key, Integrity key, and Message Authentication Code. The performance analysis evaluates the suitability of the LTE Security protocol and LTE network by comparing the LTE Security protocol with the proposed protocol in terms of algorithm operation count and latency. Thus, this paper identifies the weak points of initial identification communication in the currently used LTE security protocol and complements them in accordance with the traditional protocol. So, it can be applied to traditional LTE communication on account of providing additional confidentiality to the initial identifier.